Today, Jan 29 2013, the Department of Homeland Security advises computer users to disable Universal Plug and Play (UPnP), after researchers at Rapid7 alerted DHS that hackers could exploit UPnP flaws to gain access to tens of millions of vulnerable devices. UPnP is basically a communications protocol that allows networks to identify and communicate with equipment, reducing setup time.
Rapid7 discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of UPnP problems. "This is the most pervasive bug I've ever seen," said HD Moore, chief technology officer for Rapid7. This is the whitepaper where they describe the problem.
They also have a free download that allows you to scan and see if you are at risk.
Rapid7 discovered between 40 million and 50 million devices that were vulnerable to attack due to three separate sets of UPnP problems. "This is the most pervasive bug I've ever seen," said HD Moore, chief technology officer for Rapid7. This is the whitepaper where they describe the problem.
They also have a free download that allows you to scan and see if you are at risk.
